← All Research24 March 2026

How to Secure Your MCP Server in 5 Minutes — Step-by-Step Tutorial

MCP servers have 97 million monthly SDK downloads and over 10,000 production deployments. Most have zero security. Any AI agent can connect, call any tool, and access any data — with no identity check, no rate limiting, and no audit trail.

This tutorial adds security to your MCP HTTP server in under 5 minutes. By the end, you will have rate limiting, an abuse database check, tool-level permissions, and audit logging — all from a single npm package.

Prerequisites

You need an MCP HTTP server running with Express (or any framework that supports middleware). If you are running a stdio-only MCP server via Claude Desktop or Cursor, this tutorial does not apply — stdio servers run locally and do not need network security.

This tutorial assumes you have Node.js 18+ and an existing MCP server. If you do not have one, the MCP documentation has quickstart guides.

Step 1: Install mcp-trust-guard

One package. Zero dependencies.

npm install mcp-trust-guard

Step 2: Add the middleware

Add three lines to your server file. This goes before your MCP handler, after express.json().

import { McpGuard } from 'mcp-trust-guard';

const guard = new McpGuard({
  abuseCheck: true,
  abuseBlockLevel: 'CAUTION',
  rateLimit: { window: 60, max: 30 },
  rules: [
    { minTrust: 0,  tools: ['get_*', 'read_*', 'list_*', 'search_*'] },
    { minTrust: 30, tools: ['create_*', 'update_*', 'write_*'] },
    { minTrust: 60, tools: ['delete_*', 'admin_*', 'execute_*'] },
  ],
  audit: true,
});

app.use(express.json());
app.use('/mcp', guard.middleware());

That is the complete setup. Let us break down what each option does.

Step 3: Understand what you just enabled

Abuse database check

abuseCheck: true checks every caller against the KYA community abuse database before allowing access. If an agent has been reported for data exfiltration, prompt injection, or any other abuse, your server knows about it automatically.

abuseBlockLevel: 'CAUTION' means agents with 2 or more reports (or any high-severity report) are blocked. You can set this to 'MONITOR' (block after 1 report), 'CAUTION' (2+ reports), or 'BLOCK' (5+ reports or critical severity).

Rate limiting

rateLimit: { window: 60, max: 30 } allows each caller 30 requests per 60-second window. Callers are identified by the x-agent-name header (configurable). Exceeding the limit returns a 429 JSON-RPC error.

Tool-level permissions

The rules array defines minimum trust scores for different tool patterns. Read-only tools (get_*, read_*) are open to anyone. Write operations require a trust score of 30+. Destructive operations (delete_*, execute_*) require 60+. Patterns use glob matching — * matches anything.

Audit logging

audit: true logs every tool call to the console with: timestamp, caller identity, tool name, trust score, and whether the call was allowed or denied. For production, pass a function instead: audit: (entry) => db.insert('audit_log', entry).

Step 4: Identify your callers

For the middleware to work, callers need to identify themselves. By default, mcp-trust-guard reads the x-agent-name HTTP header. MCP clients should include this when connecting:

curl -X POST http://localhost:3000/mcp \
  -H "Content-Type: application/json" \
  -H "x-agent-name: MyAgent" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"read_file","arguments":{}}}'

If no identity header is present, the request is blocked by default. To allow anonymous access to read-only tools, add allowAnonymous: true to your config.

Step 5: Scan your dependencies

Before deploying, check your own MCP server package for security issues. The KYA scanner analyses npm packages for install scripts, prompt injection patterns, suspicious URLs, and dependency risks.

curl "https://agentscores.xyz/api/scan?npm=your-package-name"

Or use the visual scanner at agentscores.xyz/scan — enter your package name and get a security score with detailed findings.

We scanned 195 MCP packages. 64% were clean. 4% had install scripts (a known supply chain attack vector). One package had a preinstall script modifying npm registry configuration. The scanner catches these issues before your users do.

Step 6: Verify agents before interacting

If your server calls other agents (or your users want to verify agents), KYA offers a full verification API. One call, six checks:

curl -X POST "https://agentscores.xyz/api/verify" \
  -H "Content-Type: application/json" \
  -d '{
    "agent": "some-agent",
    "github": "deployer-username",
    "model": "claude-opus-4-6",
    "tools": ["read_file", "write_file"],
    "transport": "http",
    "human_in_loop": false
  }'

Returns a score (0-100), risk level, and recommendation across six dimensions: deployer identity, model identification, code auditability, abuse history, permission scope, and deployment context. No API key needed.

Step 7: Report bad agents

If an agent does something malicious on your server, report it so every other server knows:

npm install kya-abuse-check

import { reportAbuse } from 'kya-abuse-check';

await reportAbuse({
  agent: 'bad-agent-name',
  reason: 'data_exfiltration',
  severity: 'high',
  evidence: 'Agent attempted to read /etc/passwd via read_file tool',
});

The report goes into the KYA abuse database. Every MCP server running mcp-trust-guard with abuseCheck: true will automatically block or flag that agent on its next connection attempt. One report protects the entire network.

The complete setup

Here is everything together — a secured MCP server in under 20 lines:

import express from 'express';
import { McpGuard } from 'mcp-trust-guard';

const app = express();
app.use(express.json());

const guard = new McpGuard({
  abuseCheck: true,
  abuseBlockLevel: 'CAUTION',
  rateLimit: { window: 60, max: 30 },
  rules: [
    { minTrust: 0,  tools: ['get_*', 'read_*', 'list_*'] },
    { minTrust: 30, tools: ['create_*', 'update_*'] },
    { minTrust: 60, tools: ['delete_*', 'execute_*'] },
  ],
  audit: true,
});

app.use('/mcp', guard.middleware());

// Your MCP handler goes here
app.post('/mcp', (req, res) => {
  // ... handle MCP JSON-RPC requests
});

app.listen(3000);

Your MCP server now has: agent abuse checking, per-caller rate limiting, tool-level access control, and full audit logging. Zero dependencies added. Under 5 minutes to set up.

What is next

The MCP 2026 roadmap includes OAuth 2.1, DPoP tokens, and gateway patterns for protocol-level authentication. When those specs land, they will handle who someone is. KYA handles whether you should trust them — reputation, abuse history, code integrity, and deployment risk. The two are complementary.

Resources:

• Full API documentation — all KYA endpoints
• MCP Security Scanner — scan any npm package
• mcp-trust-guard on npm
• kya-abuse-check on npm
• Source code on GitHub

Check any agent's trust score

Free, instant, multi-source scoring for any AI agent.

Search Agents Browse Marketplace